Bidirectional Forwarding Detection
- authentication (BFD)
- bfd
- bfd all-interfaces
- bfd check-ctrl-plane-failure
- bfd echo
- bfd slow-timers
- bfd template
- bfd-template
- ip route static bfd
- ipv6 route static bfd
authentication (BFD)
authentication authentication-type keychain keychain-name
no authentication authentication-type keychain keychain-name
Syntax Description
| authentication-type |
Authentication type. Valid values are md5, meticulous-md5, meticulous-sha1, and sha-1. |
| keychain keychain-name |
Configures an authentication key chain with the specified name. The maximum number of characters allowed in the name is 32. |
Command Default
Authentication in BFD template for single hop sessions is not enabled.
Command Modes
BFD configuration (config-bfd)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
You can configure authentication in single hop templates. We recommend that you configure authentication to enhance security. Authentication must be configured on each BFD source-destination pair, and authentication parameters must match on both devices.
The following example shows how to configure authentication for the template1 BFD single-hop template:
Device> enable Device# configuration terminal Device(config)# bfd-template single-hop template1 Device(config-bfd)# authentication sha-1 keychain bfd-singlehop
bfd
bfd interval milliseconds min_rx milliseconds multiplier multiplier-value
no bfd interval milliseconds min_rx milliseconds multiplier multiplier-value
Syntax Description
| interval milliseconds |
Specifies the rate, in milliseconds, at which BFD control packets will be sent to BFD peers. The valid range for the milliseconds argument is from 50 to 9999. |
| min_rx milliseconds |
Specifies the rate, in milliseconds, at which BFD control packets will be expected to be received from BFD peers. The valid range for the milliseconds argument is from 50 to 9999. |
| multiplier multiplier-value |
Specifies the number of consecutive BFD control packets that must be missed from a BFD peer before BFD declares that the peer is unavailable and the Layer 3 BFD peer is informed of the failure. The valid range for the multiplier-valueargument is from 3 to 50. |
Command Default
No baseline BFD session parameters are set.
Command Modes
Interface configuration (config-if)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
The bfd command can be configured on SVI, Ethernet and port-channel interfaces.
If BFD runs on a port channel interface, BFD has a timer value restriction of 250 * 3 milliseconds.
The bfd interval configuration is not removed when:
-
an IPv4 address is removed from an interface
-
an IPv6 address is removed from an interface
-
IPv6 is disabled from an interface
-
an interface is shutdown
-
IPv4 CEF is disabled globally or locally on an interface
-
IPv6 CEF is disabled globally or locally on an interface
The bfd interval configuration is removed when the subinterface on which its is configured is removed.
 Note | If we configure bfd interval command in interface config mode, then bfd echo mode is enabled by default. We need to enable either no ip redirect (if BFD echo is needed) or no bfd echo in interface config mode. Before using BFD echo mode, you must disable sending Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirect command, in order to avoid high CPU utilization. |
The following example shows the BFD session parameters set for Gigabit Ethernet 1/0/3:
Device> enable Device# configuration terminal Device(config)# interface gigabitethernet 1/0/3 Device(config-if)# bfd interval 100 min_rx 100 multiplier 3
bfd all-interfaces
bfd all-interfaces
no bfd all-interfaces
Syntax Description
Command Default
BFD is disabled on the interfaces participating in the routing process.
Command Modes
Router configuration (config-router)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
To enable BFD for all interfaces, enter the bfd all-interfaces command in router configuration mode
The following example shows how to enable BFD for all Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors:
Device> enable Device# configuration terminal Device(config)# router eigrp 123 Device(config-router)# bfd all-interfaces Device(config-router)# end
The following example shows how to enable BFD for all Intermediate System-to-Intermediate System (IS-IS) neighbors:
Device> enable Device# configuration terminal Device(config)# router isis tag1 Device(config-router)# bfd all-interfaces Device(config-router)# end
bfd check-ctrl-plane-failure
bfd check-ctrl-plane-failure
no bfd check-ctrl-plane-failure
Syntax Description
Command Default
BFD control plane failure checking is disabled.
Command Modes
Router configuration (config-router)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
The bfd check-ctrl-plane-failure command can be configured for an IS-IS routing process only. The command is not supported on other protocols.
When a switch restarts, a false BFD session failure can occur, where neighboring routers behave as if a true forwarding failure has occurred. However, if the bfd check-ctrl-plane-failure command is enabled on a switch, the router can ignore control plane related BFD session failures. We recommend that you add this command to the configuration of all neighboring routers just prior to a planned router restart, and that you remove the command from all neighboring routers when the restart is complete.
The following example enables BFD control plane failure checking for the IS-IS routing protocol:
Device> enable Device# configuration terminal Device(config)# router isis Device(config-router)# bfd check-ctrl-plane-failure Device(config-router)# end
bfd echo
bfd echo
no bfd echo
Syntax Description
Command Default
BFD echo mode is enabled by default if BFD is configured using bfd interval command in interface configuration mode.
Command Modes
Interface configuration (config-if)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
Echo mode is enabled by default. Entering the no bfd echo command without any keywords turns off the sending of echo packets and signifies that the switch is unwilling to forward echo packets received from BFD neighbor switches.
When echo mode is enabled, the desired minimum echo transmit interval and required minimum transmit interval values are taken from the bfd interval milliseconds min_rx milliseconds parameters, respectively.
Note | Before using BFD echo mode, you must disable sending Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirects command, in order to avoid high CPU utilization. |
The following example configures echo mode between BFD neighbors:
Device> enable Device# configuration terminal Device(config)# interface GigabitEthernet 1/0/3 Device(config-if)# bfd echo
The following output from the show bfd neighbors details command shows that the BFD session neighbor is up and using BFD echo mode. The relevant command output is shown in bold in the output.
Device# show bfd neighbors details
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int
172.16.1.2 172.16.1.1 1/6 Up 0 (3 ) Up Fa0/1
Session state is UP and using echo function with 100 ms interval.
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holdown (hits): 3000(0), Hello (hits): 1000(337)
Rx Count: 341, Rx Interval (ms) min/max/avg: 1/1008/882 last: 364 ms ago
Tx Count: 339, Tx Interval (ms) min/max/avg: 1/1016/886 last: 632 ms ago
Registered protocols: EIGRP
Uptime: 00:05:00
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 6 - Your Discr.: 1
Min tx interval: 1000000 - Min rx interval: 1000000
Min Echo interval: 50000
bfd slow-timers
bfd slow-timers [ milliseconds]
no bfd slow-timers
Command Default
The BFD slow timer value is 1000 milliseconds
Command Modes
Global configuration (config)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
The following example shows how to configure the BFD slow timers value to 14,000 milliseconds:
Device(config)# bfd slow-timers 14000
The following output from the show bfd neighbors details command shows that the BFD slow timers value of 14,000 milliseconds has been implemented. The values for the MinTxInt and MinRxInt will correspond to the configured value for the BFD slow timers. The relevant command output is shown in bold.
Device# show bfd neighbors details
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int
172.16.1.2 172.16.1.1 1/6 Up 0 (3 ) Up Fa0/1
Session state is UP and using echo function with 100 ms interval.
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 14000, MinRxInt: 14000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holdown (hits): 3600(0), Hello (hits): 1200(337)
Rx Count: 341, Rx Interval (ms) min/max/avg: 1/1008/882 last: 364 ms ago
Tx Count: 339, Tx Interval (ms) min/max/avg: 1/1016/886 last: 632 ms ago
Registered protocols: EIGRP
Uptime: 00:05:00
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 6 - Your Discr.: 1
Min tx interval: 1000000 - Min rx interval: 1000000
Min Echo interval: 50000
bfd template
bfd template template-name
no bfd template template-name
Command Default
A BFD template is not bound to an interface.
Command Modes
Interface configuration (config-if)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
Even if you have not created the template by using the bfd-template command, you can configure the name of the template under an interface, but the template is considered invalid until you define the template. You do not have to reconfigure the template name again. It becomes valid automatically.
Device> enable Device# configuration terminal Device(config)# interface Gigabitethernet 1/3/0 Device(config-if)# bfd template template1
bfd-template
bfd-template single-hop template-name
no bfd-template single-hop template-name
Syntax Description
| single-hop |
Creates the single-hop BFD template. |
| template-name |
Template name. |
Command Default
A BFD template does not exist.
Command Modes
Global configuration (config)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
The bfd-template command allows you to create a BFD template and places the device in BFD configuration mode. The template can be used to specify a set of BFD interval values. BFD interval values specified as part of the BFD template are not specific to a single interface.
The following example shows how to create a BFD template and specify BFD interval values:
Device> enable Device# configuration terminal Device(config)# bfd-template single-hop node1 Device(bfd-config)#interval min-tx 100 min-rx 100 multiplier 3 Device(bfd-config)#echo
The following example shows how to create a BFD single-hop template and configure BFD interval values and an authentication key chain:
Device> enable Device# configuration terminal Device(config)# bfd-template single-hop template1 Device(bfd-config)#interval min-tx 200 min-rx 200 multiplier 3 Device(bfd-config)#authentication keyed-sha-1 keychain bfd_singlehop
Note | BFD echo is not enabled by default in the bfd-template configuration. This needs to configured explicitly. |
ip route static bfd
ip route static bfd { interface-type interface-number ip-address | vrf vrf-name} [ group group-name] [passive] [unassociate]
no ip route static bfd { interface-type interface-number ip-address | vrf vrf-name} [ group group-name] [passive] [unassociate]
Syntax Description
| interface-type interface-number |
Interface type and number. |
| ip-address |
IP address of the gateway, in A.B.C.D format. |
| vrf vrf-name |
Specifies Virtual Routing and Forwarding (VRF) instance and the destination vrf name. |
| group group-name |
(Optional) Assigns a BFD group. The group-name is a character string of up to 32 characters specifying the BFD group name. |
| unassociate |
(Optional) Unassociates the static route configured for a BFD. |
Command Default
No static route BFD neighbors are specified.
Command Modes
Global configuration (config)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
Use the ip route static bfd command to specify static route BFD neighbors. All static routes that have the same interface and gateway specified in the configuration share the same BFD session for reachability notification.
All static routes that specify the same values for the interface-type, interface-number, and ip-address arguments will automatically use BFD to determine gateway reachability and take advantage of fast failure detection.
The group keyword assigns a BFD group. The static BFD configuration is added to the VPN routing and forwarding (VRF) instance with which the interface is associated. The passive keyword specifies the passive member of the group. Adding static BFD in a group without the passive keyword makes the BFD an active member of the group. A static route should be tracked by the active BFD configuration in order to trigger a BFD session for the group. To remove all the static BFD configurations (active and passive) of a specific group, use the no ip route static bfd command and specify the BFD group name.
The unassociate keyword specifies that a BFD neighbor is not associated with static route, and the BFD sessions are requested if an interface has been configured with BFD. This is useful in bringing up a BFDv4 session in the absence of an IPv4 static route. If the unassociate keyword is not provided, then the IPv4 static routes are associated with BFD sessions.
BFD requires that BFD sessions are initiated on both endpoint devices. Therefore, this command must be configured on each endpoint device.
The BFD static session on a switch virtual interface (SVI) is established only after the bfd interval milliseconds min_rx milliseconds multiplier multiplier-value command is disabled and enabled on that SVI.
To enable the static BFD sessions, perform the following steps:
-
Enable BFD timers on the SVI.
bfd interval milliseconds min_rx milliseconds multiplier multiplier-value
-
Enable BFD for the static IP route
ip route static bfd interface-type interface-number ip-address
-
Disable and enable the BFD timers on the SVI again.
no bfd interval milliseconds min_rx milliseconds multiplier multiplier-value
bfd interval milliseconds min_rx milliseconds multiplier multiplier-value
The following example shows how to configure BFD for all static routes through a specified neighbor, group, and active member of the group:
Device# configuration terminal Device(config)# ip route static bfd GigabitEthernet 1/0/1 10.1.1.1 group group1
The following example shows how to configure BFD for all static routes through a specified neighbor, group, and passive member of the group:
Device# configuration terminal Device(config)# ip route static bfd GigabitEthernet 1/0/1 10.2.2.2 group group1 passive
The following example shows how to configure BFD for all static routes in an unassociated mode without the group and passive keywords:
Device# configuration terminal Device(config)# ip route static bfd GigabitEthernet 1/0/1 10.2.2.2 unassociate
ipv6 route static bfd
ipv6 route static bfd [ vrf vrf-name] interface-type interface-number ipv6-address [unassociated]
no ipv6 route static bfd
Syntax Description
| vrf vrf-name |
(Optional) Name of the virtual routing and forwarding (VRF) instance by which static routes should be specified. |
| interface-type interface-number |
Interface type and number. |
| ipv6-address |
IPv6 address of the neighbor. |
| unassociated |
(Optional) Moves a static BFD neighbor from associated mode to unassociated mode. |
Command Default
No static route BFDv6 neighbors are specified.
Command Modes
Global configuration (config)
Command History
| Release | Modification |
|---|---|
|
Cisco IOS XE Denali 16.3.1 |
This command was introduced. |
Usage Guidelines
Use the ipv6 route static bfd command to specify static route neighbors. All of the static routes that have the same interface and gateway specified in the configuration share the same BFDv6 session for reachability notification. BFDv6 requires that BFDv6 sessions are initiated on both endpoint routers. Therefore, this command must be configured on each endpoint router. An IPv6 static BFDv6 neighbor must be fully specified (with the interface and the neighbor address) and must be directly attached.
All static routes that specify the same values for vrf vrf-name, interface-type interface-number , and ipv6-address will automatically use BFDv6 to determine gateway reachability and take advantage of fast failure detection.
The following example creates a neighbor on Ethernet interface 0/0 with an address of 2001::1:
Device# configuration terminal Device(config)# ipv6 route static bfd ethernet 0/0 2001::1
The following example converts the neighbor to unassociated mode:
Device# configuration terminal Device(config)# ipv6 route static bfd ethernet 0/0 2001::1 unassociated
Feedback